Friday Phish Fry

Phishing Email Alerts

Catch of the Day:  FBI Vishing

Chef’s Special:  Charming Kitten Phishinig snd Smishing

Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.

I would be delighted to accept suspicious phishing examples from you.  Please forward your email to

My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox.  If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.

FBI Alert: How Bad Actors Are Now Using Vishing

The FBI has released a private industry notification detailing how cybercriminals have been exploiting network access and escalating network privilege. According to the notice, attackers have shifted strategies for compromising employee accounts or credentials, now trying to gain access to all employee credentials, instead of targeting privileged individuals. They have been going after large companies… Read more

Charming Kitten Phishing and Smishing Attacks Use Legitimate Google Links and a Tricky Redirection Strategy to Fool Security Solutions

This breakdown of the latest attack from the Charming Kitten cybercriminal gang shows just how much thought goes into obfuscating their tactics and evading detection.

I’ve covered stories in the past where phishing attacks utilized well-known domains to keep from being detected, such as SharePoint Online, where the initial target site is credible enough to keep some security solutions from seeing the link as being malicious.

In the case of a recent attack by Cybercriminal group Charming Kitten (also known as APT35), the attack uses some pretty sophisticated tactics to avoid detection:

  • The initial link sent in text or email is a google(.)com link that points to a address with some specific parameters including an identifier so the bad guys know it’s one of their redirects
  • The matches the included identifier and redirects the visitor to a predefined unique URL for that specific victim
  • The third URL used is a redirection short URL. The really brilliant part is that initially, when used in conjunction with email-based phishing, the redirect points to a legitimate and benign webpage so that email scanners that traverse redirection will see it as legitimate. Once the email hits the Inbox, the redirect is changed to the malicious address
  • Once the victim hits the final malicious address, a spoofed logon page is presented to attempt to steal the victim’s google credentials
  • The user-specific malicious redirect is reconfigured back to a legitimate domain to hide the tracks of Charming Kitten

It’s evident that folks like Charming Kitten are putting a lot of effort and thought into avoiding detection before, during, and after the attack. This makes it nearly impossible for security solutions alone to protect users from such attacks. Users themselves need to be educated using Security Awareness Training to be watchful for unsolicited email and text messages – even when they appear to come from Google.

Blog post with links:

[INFOGRAPHIC] Q4 2020 Work From Home Phishing Emails on the Rise

KnowBe4’s latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, and ‘in the wild’ attacks .

Hackers Continue to Prey on a Remote Workforce

Phishing email attacks leveraging COVID-19 were on every quarterly report in 2020, but there were not as many at the top of the list in Q4 as in previous quarters. However, we still see a lot of subjects related to working remotely as well as security-related notifications.

It’s no surprise that phishing attacks related to working from home are increasing given that many countries around the world have seen their employees working from home offices for nearly a year now.

Just because employees may be more used to their home office environment doesn’t mean that they can let their guard down. The bad guys deploy manipulative attacks intended to strike certain emotions to cause end users to skip critical thinking and go straight for that damaging click.

Don’t Dismiss Social Media as a Phishing Concern

We have seen a pattern of fake LinkedIn messages topping this list for the past three years. There is likely a perception that these emails are legitimate because they appear to be coming from a professional network. It’s a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category reveal password resets, tagging of photos and new messages.

Share the Infographic with Top Messages in Each Category With Your Users:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.